U.S. website that covers China hit in cyberattack

By Ellen Nakashima, The Washington Post •April 20, 2012 9:53 pm

A U.S.-based website that has aggressively covered China’s biggest political scandal in decades was the victim of a disruptive attack that was accompanied by threats to its hosting service, the site’s manager said Friday.

The site was rendered inaccessible for much of Thursday, depriving readers of coverage of the latest developments in the downfall of Chinese Communist Party official Bo Xilai, said Watson Meng, 47, who runs the Chinese-language site from Durham, N.C.

Chinese viewers are able to gain access through proxy servers that get them around China’s Internet firewall, which the government uses to block certain content. Meng said he believes some element of the government ordered the disruption, but said he has no forensic proof.

The site, Boxun, has been targeted previously while publishing material considered sensitive by the Chinese government.

“It’s obvious that it’s related to what we have been reporting recently,” Meng said.

Chinese Embassy spokesman Geng Shuang called the allegation groundless. “The Chinese government prohibits online criminal offenses of all forms, including cyber attacks, and has done what it can to combat such activities in accordance with Chinese law,” he said in an e-mail.

Since February, Boxun has covered the story of Bo, a party chief in Chongqing who was ousted last month amid a government investigation into corruption and allegations of murder against his wife. In the past two weeks, Meng said, the site began reporting allegations that Zhou Yongkang, China’s security chief and a top party official, had plotted with Bo to block the rise of Xi Jinping, who is slated to become China’s next president.

Meng said he got a call Thursday morning from Name.com, the firm that registers Boxun at a specific Internet address. Name.com informed Meng that it had been hit with a distributed denial-of-service (DDoS) attack in which high volumes of Internet traffic are directed against a particular server, causing it to fail.

The employee also told Meng the company had received an anonymous e-mail threatening to continue the disruption unless it dropped Boxun, Meng said.

“We cannot host you. You have to move off,” he said he was told. “I asked, ‘How much time do we have?’ “ Meng said. “I was told, immediately.”

Name.com founder William Mushkin expressed regret in an e-mail to The Post, confirming that his firm had received a letter demanding Boxun.com be disabled. Shortly afterward, Name.com’s main Web site and other servers came under a “massive . . . attack . . . one of the largest ones in the company’s history.”

Name.com manages 1.5 million domains or sites, Mushkin said, suggesting that those sites would have been put at risk if the servers came under attack. During the DDoS attack, he said, Name.com received an additional e-mail threatening to continue the assault “unless we handed over the domain to the attackers and told the original owner that it was stolen.”

At that point, he said, Name.com helped Meng transfer his site to another registrar as quickly as possible.

“Strong-arm tactics such as this hurt the free exchange of ideas that the Internet is meant to enable,” Mushkin said. “We find it regrettable that free speech is not yet a universal right. We hope to support Boxun.com in the future.”

On Friday afternoon, enom.com, the hosting service that Boxun moved to, notified Meng that it would have to find another registrar by 5 p.m., said Meng, who was completing the transfer to a third company, 1and1.com.

Chinese pressure on websites that present views the government considers threatening is not uncommon, and the government considers state control of information crucial to its survival.

In recent weeks, Xinhua, the official Chinese news agency, said that it had shuttered more than a dozen Web sites, arrested at least six people and suspended the comment functions on two microblogs following Internet-fueled rumors of an internal power struggle in the government.

Mushkin said the attack on his site had been traced back to China, but he had no evidence that it was connected to the government.

At least one other overseas Chinese-language site has suffered a cyberattack since the eruption of the Bo scandal. Epoch Times, a news service affiliated with the Falun Gong spiritual movement, said earlier this month that it had been targeted in a series of DDoS attacks.

Last July, eight U.S. lawmakers wrote a letter to President Obama expressing alarm at “severe and continual cyber attacks” against Chinese-language pro-democracy Web sites.

They cited Boxun, which was hit by a DDoS disruption in February 2011, hours after it published an article by an anonymous writer calling for a Jasmine Revolution in China, inspired by the Arab Spring. The disruptions continued, off and on, until July.

“Bully boy tactics against companies, against nonviolent human rights promoters require a response,” said Rep. Christopher H. Smith, R-N.J., who co-signed the letter and has sponsored legislation aimed at stemming Internet censorship in countries such as China.